Commit

fix merge conflicts
rpiazza committed Dec 6, 2024
2 parents 3f5b1e0 + 88bf99b commit e7c3cf6
Showing 10 changed files with 111 additions and 96 deletions.
32 changes: 0 additions & 32 deletions extension-definition-specifications/artifact-805/artifact.json

This file was deleted.

Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/artifact-805/extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69.json",
"title": "malware-sample-artifact-extension",
"description": "An extension of the Artifact object to allow capture of malware samples.",
"type": "object",
"allOf:": [
{
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/artifact.json"
},
{
"properties": {
"extensions": {
"type": "object",
"properties": {
"extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69": {
"type": "object",
"properties": {"extension_type": {
"type": "string",
"description": "Defined by STIX 2.1 extension definition rules from 'extension-type-enum'.",
"enum": ["toplevel-property-extension"]
}},
"required": ["extension_type"]
},
"required": ["extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69"]
}
},
"is_safe": {
"type": "boolean",
"description": "Indicates whether the artifact is safe, i.e., can be opened or processed without risking harm or infection. The default value is false."
}
},
"required": [
"extensions",
"is_safe"
]
}
]
}
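Review bot: The key written as `"allOf:": [` has a stray colon inside the quoted name, so a JSON Schema validator treats it as an unknown keyword and applies neither the `$ref` to artifact.json nor the `extensions` and `is_safe` requirements beneath it; rename it to `"allOf"`. The `"required"` array naming `extension-definition--8053ffa0-dec7-4aef-870e-a56d0082cf69` also sits inside the `properties` object of `extensions`, where it is read as a property called "required" rather than as the keyword, so it should move up one level beside `"type": "object"`. Finally, the `is_safe` description gives a default of false while `is_safe` is listed in `required`; one of the two should be dropped so consumers know whether a missing value is valid.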
Original file line number Diff line number Diff line change
Expand Up @@ -150,15 +150,6 @@ Events can be grouped into sequences based on the *next_events_refs* property of
|A list of the impacts of this incident.
All objects referenced in this list *MUST* be an [stixtype]#<<impact,impact>># object.

|*impacted_entity_counts* (optional)
|[stixtype]#<<entity-count,entity-count>>#
|A listing of the entity types that were impacted by the incident, and how many of each type were affected.
Individual impacts objects may also record more detailed counts as appropriate.

If this property is not present it should be assumed that this information is not being shared, not that there were no impacted entities.

To affirmatively state no entities of a given class were impacted they should be included with the number of entities affected by it set to 0.

|*incident_types* (optional)
|[stixtype]#{list_url}[list]# of type [stixtype]#{open_vocab_url}[open-vocab]#
|A list of incident types of incident that occurred, if applicable.
Expand Down Expand Up @@ -573,8 +564,9 @@ As a new SDO extension it must follow the requirements as described in section 7

|*impact_category* (required)
|[stixtype]#{string_url}[string]#
|The category to which the impact belongs.
This *MUST* match an extension that provides greater details of a specific type of impact, and *SHOULD* come from the extensions listed in section 2.3.2 of this document. The value can be specified with or without the "-ext" suffix.
|The category to which the impact belongs. This *MUST* be either [stixliteral]#undetermined# or match an extension that provides greater details of a specific type of impact, and *SHOULD* come from the extensions listed in section 2.3.2 of this document.

The value can be specified with or without the "-ext" suffix. If this property is set to [stixliteral]#undetermined# then there *MUST* not be an "-ext" extension providing further details for this impact.

|*type* (required)
|[stixtype]#{string_url}[string]#
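Review bot: In the added sentence for *impact_category*, "then there *MUST* not be" splits the normative keyword; write it as *MUST NOT* so the requirement reads unambiguously and matches the keyword style used in the rest of the table. The preceding sentence about the "-ext" suffix now follows the `undetermined` case directly, so it would help to state that the suffix rule applies only to values that name an extension and that `undetermined` is always written without it.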
Expand Down Expand Up @@ -1013,12 +1005,12 @@ As a new SDO extension it must follow the requirements as described in section 7
^|[stixtr]*Task Object Specific Properties*

|*task_types*,
*affected_entity_counts*,
*changed_objects*,
*description*,
*end_time*,
*end_time_fidelity*,
*error*,
*impact_entity_counts*,
*name*,
*next_tasks_refs*
*outcome*,
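Review bot: In this property list the entry `*next_tasks_refs*` has no trailing comma while every neighbouring entry does, so the rendered list will run it together with `*outcome*`; since the list is being reordered here anyway, add the comma in the same change.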
Expand Down Expand Up @@ -1073,9 +1065,9 @@ If no value is provided the timestamp should be considered to be accurate up to
|[stixtype]#{string_url}[string]#
|Details about any failures or deviations that occurred in the task.

|*impacted_entity_counts* (optional)
|*affected_entity_counts* (optional)
|[stixtype]#<<entity-count,entity-count>>#
|A listing of the entity types that were impacted and how many of each were affected.
|A listing of the entity types and how many of each that were affected.

This is primarily used when recording victim notifications.

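Review bot: The new description "A listing of the entity types and how many of each that were affected." is hard to parse; "A listing of the entity types that were affected and how many of each." says the same thing in order. Renaming the property from `impacted_entity_counts` to `affected_entity_counts` also changes the wire name of an existing Task property, so the text should say how objects carrying the old name are to be treated.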
Expand Down Expand Up @@ -2186,6 +2178,9 @@ This option should be used to affirmatively supply this information when necessa

|[stixliteral]#suspected-loss#
|It is suspected but not confirmed that the attacker may have gained access to this information.

|[stixliteral]#unknown#
|It is unknown if the attacker may have gained access to this information.
|===

<<<
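Review bot: The description added for `unknown` ("It is unknown if the attacker may have gained access") stacks two hedges and reads very close to `suspected-loss` just above it. Suggest "It is unknown whether the attacker gained access to this information." and a short clause on when a producer should choose `unknown` over `suspected-loss`, so the two values are not used interchangeably.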
Expand Down Expand Up @@ -2251,6 +2246,9 @@ This should not be used when an incident was flagged correctly, but is of no imp

|[stixliteral]#none#
|There is no evidence of destruction or modification of this data type in the system.

|[stixliteral]#unknown#
|It is unknown if destruction or modification of this data type in the system has occurred.
|===

[[physical-impact-enum]]
Expand Down Expand Up @@ -2391,6 +2389,9 @@ Hours and minutes should be understood to establish the timezone for the activit

|[stixliteral]#provable-accountability#
|Accountability can be ensured from the traces that are present.

|[stixliteral]#unknown-accountability#
|Accountability is unknown.
|===

<<<
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@
"properties": {
"extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1": {
"type": "object",
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/malware-extension.json"
"$ref": "malware-extension.json"
}
},
"required": ["extension-definition--8e9e338f-c9ee-4d4f-8cac-85b4dcfdf3c1"]
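Review bot: The relative `"$ref": "malware-extension.json"` is resolved against this schema's `$id`, which is not visible in this hunk; please confirm the `$id` still points into the `malware-behavior-8e9/` directory, otherwise the reference resolves to a different URL than the absolute one it replaces. Note too that `"type": "object"` sits beside `$ref`: draft-07 validators ignore siblings of `$ref`, while 2020-12 validators apply them, so behaviour depends on which dialect this file declares.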
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/extension-definition--d57b7c9c-7fa6-436b-b82c-8e6f69cdc3d0.json",
"title": "Malware Behavior Extension",
"description": "This schema defines new SDOs to capture malware behaviors.",
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/malware-behavior.json",
"title": "malware-behavior",
"description": "malware-behavior SDO",
Expand All @@ -26,7 +26,7 @@
"description": "The name of the behavior (e.g., Request Email Address List)."
},
"obj_defn": {
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/object-definition.json"
"$ref": "object-definition.json"
},
"obj_version": {
"type": "string",
Original file line number Diff line number Diff line change
@@ -1,46 +1,53 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/malware-extension.json",
"title": "Malware extension for Malware Behavior",
"description": "Extension to the malware object to support Malware Behavior",
"properties": {
"extension_type": {
"type": "string",
"enum": [
"property-extension"
]
},
"obj_defn": {
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/object-definition.json"
},
"year": {
"description": "This property denotes the year the malware instance or family was first seen.",
"type": "string",
"pattern": "^\\d{4}$"
},
"platforms": {
"description": "This property denotes the operating system affected by the malware. The values for this property SHOULD come from the os-type-ov open vocabulary.",
"type": "array",
"item": {
"type": "string"
},
"minItems": 1,
"$comment": "not required, but if used, there must be 1 item"
}
},
"required": [
"obj_defn"
],
"definitions": {
"os-type-ov": {
"type": "string",
"enum": [
"android",
"ios",
"linux",
"macos",
"windows"
]
}
}
"allOf:": [
{
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix2-json-schemas/stix2.1/schemas/observables/sdos/malware.json"
},
{
"properties": {
"extension_type": {
"type": "string",
"enum": [
"property-extension"
]
},
"obj_defn": {
"$ref": "object-definition.json"
},
"year": {
"description": "This property denotes the year the malware instance or family was first seen.",
"type": "string",
"pattern": "^\\d{4}$"
},
"platforms": {
"description": "This property denotes the operating system affected by the malware. The values for this property SHOULD come from the os-type-ov open vocabulary.",
"type": "array",
"item": {
"type": "string"
},
"minItems": 1,
"$comment": "not required, but if used, there must be 1 item"
}
},
"required": [
"obj_defn"
],
"definitions": {
"os-type-ov": {
"type": "string",
"enum": [
"android",
"ios",
"linux",
"macos",
"windows"
]
}
}
}
]
}
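Review bot: The wrapper key is written `"allOf:"` with a colon inside the quotes, so validators skip the whole array as an unknown keyword and the rewritten schema no longer enforces `obj_defn` as required or any of the property constraints; it needs to be `"allOf"`. Inside the second subschema, `"item"` under `platforms` should be `"items"` or the string type is never checked, and `"definitions"` should become `"$defs"` to match the 2020-12 dialect declared at the top (nothing in the visible lines references `os-type-ov`, so either reference it from `platforms` or drop it). The `$ref` path `schemas/observables/sdos/malware.json` combines `observables/` and `sdos/`, unlike the artifact reference elsewhere in this commit (`schemas/observables/artifact.json`); please confirm that URL resolves.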
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/malware-method.json",
"title": "malware-method",
"description": "malware-method SDO",
Expand All @@ -25,7 +25,7 @@
"description": "The name of the behavior (e.g., Request Email Address List)."
},
"obj_defn": {
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/object-definition.json"
"$ref": "object-definition.json"
},
"behavior_ref": {
"allOf": [
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/malware-objective.json",
"title": "malware-objective",
"description": "malware-objective SDO",
Expand All @@ -25,7 +25,7 @@
"description": "The name of the behavior (e.g., Request Email Address List)."
},
"obj_defn": {
"$ref": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/object-definition.json"
"$ref": "object-definition.json"
}
}
}
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"$schema": "http://json-schema.org/draft-07/schema#",
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/oasis-open/cti-stix-common-objects/main/extension-definition-specifications/malware-behavior-8e9/object-definition.json",
"title": "object-definition",
"properties": {
